Posted
by
kdawson
on Tuesday November 14, 2006 @06:07PM
from the P-is-for-passwords dept.

Haruki Soma writes, "Unearthed: An A to Z guide to security — from antivirus to zero-day. The writer includes the latest on the UK's newly updated Computer Misuse Act. She also pokes around rootkits, IM, and spyware, pens an ode to Gary McKinnon (aka the NASA hacker, in the 'E is for Extradition' entry), probes Google-induced Spear Phishing, and takes a look back at the Love Bug and Jaschan's Sasser." Security pros won't find much new here, but the rest of us might learn a thing or two.

A is for Adverts, and Goatse Guy's butt,
B is for Banners, what's my piece of the cut?
C is for C-Net, that page-whoring slut,
D is for Dickhead, by an ass and two nuts,
E is for Extra page views for the win,
F is for Flash, it's a whole 'nother sin,
G is for Google, do no evil (today!)
H is for Hackers, not crackers, OK?
I is for IM, "wut r u do now?"
J is for Javashit, shut it off now.
K is for Kids, 'cuz it's all for their sake,
L is for Legislators, all on the take.
M is for Microsoft, and masturbate meekly,
N is for Neologisms, which I invent weekly,
O is for Orange, with which nothing rhymes
P is for Pageviews, 26 fucking times?!
Q is for Question, WTF are you thinking?
R is for Readership, C-Net's lost a few drinking,
S is for Spammer, and spyware, and shit,
T is for Trash, Turd, and also twenty-six.
U is for Useless, the number of clicks,
V's for Vendettas on marketing pricks,
W is for Wizard, his robe and my hat,
X is for X-rated wizardly chat,
Y's what's starts "You", not the twenty-first letter,
Z is for Zero. (Shoulda wrote this poem better.)

I've been working in security for 5 years now, penetration testing, managed firewalls/IDS, BS7799 prep, etc... currently (among other bits and bobs) I run security for a UK motor insurance company.Lots of security material is all about the tech, but really (outside of Hollywood) hacking or any form of abuse is largely about people. The tech makes it easier or harder for the people - but ultimately at some point there is still someone at a keyboard making the decision to do something.

Be afraid. Threats to corporate security are everywhere. Just when you thought your network was safe from hackers, along came wi-fi - or your iPod-wielding workforce - and opened a whole new can of worms.

Security is by its nature ever-evolving. Just as one threat is apparently locked down, another springs up to take its place - or an old one rears its head in a new form. Grappling with this malicious hydra it's no wonder the security space spawns new terms and phrases at a rate of knots - and you're

Any Linux box has basically no virus weaknesses when compared to Windows.Buy a Mac or Linux box instead.Change all needed Windows boxes to use open source programs like Firefox instead of the virus prone shipped programs.DRM is not your friend.Exclude Linux users when sending warnings about Windows viruses.Forget about stability if using Windows servers.Go ahead, send a "virus" to my Linux email.Hire Linux IT people. The MS "professionals" cannot think outside buying a new box.Insert "Windows" in front of "Virus" in any warning emails.Join the open source club, and understand why transparency helps security.Kick out any "Linux is to hard to learn" sys-admins.Look out for those that say that a new box will fix it.Make plans to use open standards and avoid lock-ins.Never spend thousands on external software, when Linux can do it for free.Open source software that would never be your core business, but could benefit from thousands of eyes.Put all windows boxes behind firewalls.Quit your job if they are migrating from Linux to Windows.Run Linux to avoid virus problems.Stop all unused services, in Mac, Linux or Windows.Try OpenOffice. Viruses are not compatible with it.Understand which blackbox systems are hard to verify.Value employee advice.Windows will eventually go open source to competeXP only added fisher price colors.Your easy way out is to migrate away from Windows.Zune DRM is not friendly.

Out of all his points the writer left out the most important factor of them all and that small detail makes the whole thing useless to me. What happened to "Knowing your system" or perhaps "Understanding the environment you're on" ?

'You' maybe the weakest link to him with regards to passwords or trickery, but if you know what you're doing you'll decrease that risk factor tremendously.

#2&3:
You really trust MS to fix their own problems?
One of the easiest ways I've found to crash a computer is to install Windows updates as soon as they come out (which is 3 mos. after the vulnerability was discovered anyway).

If you take the paid-for AdAware you can automate some of the stuff they now have to manually do. In my experience, any manual operation will be omitted within weeks from taking your hands off the system..

It's quite funny some people try to write articles on security and speak of "hackers" without even knowing what it means.HACKER (Originally, someone who makes furniture with an Ax.) n. 1. A person who enjoys learning the details of programming systems and how to stretch their capabilities, as opposed to most users who prefer to learn only the minimum necessary. 2. One who programs enthusiastically, or who enjoys programming rather than just theorizing about programming. 3. A person capable of appreciating h

The security troubles that have dogged Microsoft's Internet Explorer web browser, for instance, are caused by hackers writing pieces of code that exploit vulnerabilities in IE's code, enabling them to use the browser as a springboard to carry out a malicious action - such as hijacking a user's PC.

Meanwhile, web designers are busy at work creating web pages that work in Internet Explorer. Since MS doesn't give a DRM about standards, the developers' beautiful code must be "hacked" to work in IE.